This repo contains patches for objection v1.12.3 so that the macOS command macos info binary works fully and reports extra security-related fields.
- macos info binary works even without agent RPC: it first gets
BundlePathviaenv_ios_paths(); if that fails, it finds the app bundle by name under/Applications/...and parses all binaries inContents/MacOS/andContents/Frameworks/. - Fat (universal) binary support: the correct slice is parsed for x86_64 + arm64 in a single file.
- Real values are read from the Mach-O:
- PIE, Encrypted (header + load commands)
- Stack Exec (
MH_ALLOW_STACK_EXECUTION), RootSafe (MH_ROOT_SAFE) - ARC, Canary (from the symbol table:
objc_retain/objc_release,stack_chk_guard) - Restrict: whether the
__RESTRICTsegment is present (LC_SEGMENT / LC_SEGMENT_64)
- All fields in the output are Yes / No (or a meaningful value); redundant
n/ais removed.
Overwrite the files in your objection install’s Python site-packages. Example (Homebrew Python 3.11):
SITE=$(python3.11 -c "import site; print(site.getsitepackages()[0])")
cp objection/commands/device.py "$SITE/objection/commands/device.py"
cp objection/commands/ios/binary.py "$SITE/objection/commands/ios/binary.py"To see which Python the objection command uses:
head -1 $(which objection)Use the site-packages path for that interpreter.
objection -N -h 127.0.0.1 -n "Your App" startIn the REPL:
macos info binary
Example output:
Name Type Encrypted PIE ARC Canary Stack Exec RootSafe Restrict
---------- ---- --------- --- --- ------ ---------- -------- --------
MyApp main No No Yes Yes No No No
objection/commands/device.py– Mach-O parsing, fat binary handling,_darwin_binary_info_from_bundle_path/_darwin_binary_info_by_name/_darwin_binary_info, and__RESTRICTsegment check.objection/commands/ios/binary.py–macos info binaryflow: BundlePath / by_name first, then agent/pid; Yes/No display and Restrict column.
Compatible with objection; subject to the original objection license.